Outbound policy to ensure critical device always has a dedicated WAN?

Hi Pep-Folks,

I have an interesting scenario that might not be possible, but here goes.
We have a “critical device” that requires a dedicated connection with very low latency and no other traffic/congestion.

Setup:

  • WAN 1
  • WAN 2
  • Critical Device
  • All other clients

Current Outbound Policy:

During business hours:

  • Critical device: Priority WAN 1 > WAN 2
  • All other devices: Enforced WAN 2

During off-hours:

  • Critical device: Priority WAN 1 > WAN 2
  • All other devices: Least used WAN.

However, this presents a scenario where if WAN 1 goes down during business hours, the critical device finds itself on WAN 2 with everything else.

Is there a way to set up an outbound policy in such a way that if WAN 1 is down, the critical device gets WAN 2 but all other clients get dropped?

This might actually be a feature request for a new kind of outbound policy algorithm?

Algorithm: Dedicated
Source: Device MAC/IP required
Priority Order: List selection for “allowed” WANs
Description: Traffic for the dedicated device will be routed through the healthy connection that has the highest priority. No other clients will be routed over the same WAN as the dedicated device.

It’s a critical device and you’re not using SpeedFusion? Shame on you. 🙂

2 Likes

If you did use SpeedFusion, you could set the tunnel to use all WANs, and so long as it’s the only thing in the tunnel it will always be prioritized over other LAN traffic.

To be doubly sure, use schedule-based outbound policies. One configured for business hours that forces all other traffic via WAN2.
Another for OOH, set for all other devices to use WAN1 + WAN2 in least used.

1 Like

Hmm, that might work.

Although I don’t know if the device would play nice with SF. It creates its own VPN tunnel and adds about 100 ms of latency to whatever the WAN’s is.

That’s a 100ms buffer then to improve delivery over lossy links I suppose.

If not SpeedFusion you could see if you could apply user groups and application queue / priority to the device / its VPN traffic and raise its priority whilst lowering everything else…

I’ve yet to find a VPN protocol that can’t be sent over a well configured SpeedFusion Tunnel…

1 Like